How we use your information

What is personal information?

This is information about a living person which allows anyone to work out who they are such as name, address, telephone number, date of birth, and bank details and so on. This can include letters, emails, photographs, audio and video recordings. Some of your information is also known as special category data which is more sensitive, and we have to look after it more carefully. This includes details of ethnic origin, religious beliefs, sexual orientation, trade union membership, health data, and biometric (for example fingerprints, facial recognition) and genetic (such as DNA) data.

What information do we collect about you and how do we use it?

By providing services for you we ask for a wide range of information, some of which is personal. This can be (for example) information used for the assessment and collection of Council Tax and business rates, the payment of benefits, grants and loans administration, applications for housing and accommodation, and for the collection of waste. We then use your personal information to deliver the service or fulfil an obligation. Many of these services and obligations are covered under laws, the main ones for the council are the Local Government Acts and the Localism Act 2011 but there are many more. A non-exhaustive list of the reasons we take your information can be found here: Why we take your information

Don’t I have to give consent for you to use or share my personal information?

Usually, the information we hold about you has been collected for a specific purpose. Your consent may be needed when we want to use data for a different purpose. For example, we collect your name and address so we can send you Council Tax bills, but we would need your permission if we used this information to send you something else at another time, this is called opting in. If you give consent for this action or any other form of opt in consent, you have the right to ask for this consent to be withdrawn, where relevant.

However, your consent may not be required if an exemption is applied. For example where we are undertaking checks as part of the National Fraud Initiative, to prevent and detect crime, ensure we can enforce the collection of council tax, or permitted to share data under other legislation. We will also share your information between services in the council so we can keep our records on you as up-to-date as possible and improve our services to you. For example if you tell the housing team you have moved, they will pass this information on to other parts of the council to update their records but don’t worry, our staff can only see your information if they need it to do their job.

Safeguarding – if there is a safeguarding concern, we will take immediate steps to safeguard people from harm in accordance with our safeguarding policies. We will only share your personal information with other agencies in order to protect your vital interests or the vital interests of another person. This will include information sharing with the Suffolk multi Agency Safeguarding Hub (MASH) if we believe somebody to be at risk of abuse or harm.

What if I choose not to give personal information?

We may need to collect personal information by law, carrying out a public task or under the terms of a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean we cannot perform services or give assistance to you. Any data collection that is optional would be made clear at the point of collection.

Can I see what personal information you hold about me?

Yes - the General Data Protection Regulations provide the following rights for individuals:

The right to be informed – this is the information given to you in a privacy notice

The right of access – you can ask to see the personal information we hold about you

The right to rectification – if you feel your information is incorrect you can ask for it to be corrected

The right to erase – there are some circumstances when you can ask for your personal information to be erased (removed from our systems)

The right to restrict processing – there are some circumstances when you can ask for the processing of your personal information to be restricted

The right to data portability – you may request to acquire and reuse your personal information for your own purposes

The right to object – you can object to processing if you feel your personal information is not being used for the purposes that you gave it to us for

Rights in relation to automated decision making and profiling – you have the right to know if your personal information is used in an automated process which could result in an unfavourable decision against you.

How we use your information to make automated decisions

We sometimes use systems to make automated decisions based on personal information we have about you. This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know. These automated decisions can affect the service we may offer you now or in the future.

Here are the types of automated decisions we make:

Housing Register - We use a system that, based on the information you fill in when applying to join the housing register, assesses your priority for housing. Dependent on the answers you give in relation to the financial section you may be eligible to go onto the register and be made ‘live’ automatically without any officer oversight, albeit with a low priority.

Your rights

As a person you have rights over automated decisions:

You can ask that we do not make a decision based on the automated score alone

You can object to an automated decision and ask that an officer reviews it

If you want to know more about these rights, please contact us.

What do I have to do if I want to exercise one of my rights above?

In regards to all of the above you can ask us for confirmation your data is being processed, access to information that we hold about you and other supplementary information. This is called a Data Subject Access Request; you can request this information verbally or in writing. To help you in this process we have prepared a form that you can download and complete:

You will be required to provide proof of identity. We must respond to you within one month, once we have checked your identity – if we feel the request is complex we may ask for an extension of this period.

If the information we provide is incorrect you must write to us and tell us what information is incorrect and ask that it be corrected. If we do not agree that the information is incorrect you may ask us to record your disagreement. There is no charge for this service, however a charge may be incurred if the request is deemed to be manifestly unfounded or excessive, particularly if it is repetitive.

In certain circumstances, it may be the case that your request is denied and will write to you and inform you if that is the case.

How can I contact you if I don’t understand what I have read?

We can be contacted by email at: data.protection@westsuffolk.gov.uk or write to us at: The Data Protection Officer, West Suffolk House, Western Way, Bury St Edmunds, Suffolk, IP33 3YU.

Where can I find more information about my rights?

The Government has set out a number of data protection principles and rights for you that we must follow when using your personal data. These principles and rights are detailed in the Data Protection Act 2018. How we comply with these principles and rights is explained in our West Suffolk Data Protection Policy and our Record Management Guidance

Complaints

If you wish to complain about the way in which your request has been processed then your complaint will be dealt with as a Step two complaint in accordance with our complaints procedure. If you are still unhappy with the decision, you have a right of appeal to the Information Commissioner’s Office, visit their page: Information Commissioner’s Office

We aim to have a secure website, and use security technology to protect any sensitive personal data we process about you. But your use of the internet, and this website, is entirely at your own risk. We have no responsibility or liability for the security of personal information transmitted over the internet. Please be aware that emails sent through the internet may not be secure so please consider this before you send personal or sensitive data.

Other legal requirements in regards to personal information

Data Matching and the National Fraud Initiative (NFI)

The information you give when you complete and return a form electronically or on paper will be held in accordance with current data protection legislation.

We are required by law to protect the public funds we administer.

We may share information provided to us with other bodies responsible for auditing or administering public funds, or where undertaking a public function, in order to prevent and detect fraud. Your personal data may be used to manage, monitor, improve and promote our services. Where delivery of services or actions is in partnership with others, it may also be shared with other persons or bodies in accordance with, and restricted to, the terms of information shared agreements and protocols.

The Cabinet Office is responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information.

Computerised data matching allows potentially fraudulent claims, applications and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office's National Fraud Initiative; a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed on: Gov.UK - National Fraud Initiative

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 2018.